DevOps has redefined how software is brought to market. Many tools now exist to automate pretty much anything, whether that’s pushing code, checking for vulnerabilities or testing code. But protecting the certificate lifecycle is often an area that has yet to be tackled.
For many reasons, protecting machine Identities has become critical to enabling digital transformation. As the world becomes increasingly digital, it is imperative that we authenticate and secure every machine-to-machine connection. Enter the Machine Identity Protection Development Fund, which sponsors the development of integrations with the Venafi Platform accelerating the expansion of the Venafi ecosystem and solving real customer challenges like certificate processes for DevOps today.
Recently I had the opportunity to meet with New Context, who provides consulting services and builds tools that help their customers around the globe prepare for security orchestration. As part of the Fund, New Context has completed a Venafi Adaptable Driver that integrates with Pivotal Cloud Foundry CredHub. In this continuing interview series with developers, I am speaking with Nathan Shimek who is VP of Client Solutions at New Context.
Bridget: Tell me about New Context and the mission for your clients.
Nathan: New Context is the security innovator for highly regulated industries. Our products and consulting services enable global leaders in energy, government and across a variety of enterprises to build, deploy and maintain Secure Compliant Data Platforms. The New Context Lean Security Intelligence Platform–LS/IQ–turns cybersecurity into a strategic business asset, assessing and optimizing development resources around security and compliance. New Context is a leader in open standards, advancing the development of OpenC2 standard and using security automation as a force multiplier for defenders.
Bridget: Describe for me the machine identity protection challenge you were aiming to solve as part of the Development Fund.
Nathan: Today, enterprises are unable to help their DevOps and hybrid cloud teams protect machine identities when using Pivotal Cloud Foundry. To solve this problem, Cloud Foundry organizations may try to build an Adaptable Application driver for CredHub, which is the central point of control for credential generation, storage, lifecycle management, logging and access control in Cloud Foundry. Or they try to enable developers to connect workflows with Vcert and/or REST APIs. Unfortunately, these approaches are typically one off in design and aren’t available to all Venafi customers. Operating in Pivotal Cloud Foundry requires secrets, including TLS machine identities, to be secured. Until now there hasn’t been a native integration for Venafi Platform and Pivotal Cloud Foundry.
Bridget: What has New Context delivered for Venafi customers?
Nathan: Our goal has been to enable Venafi customers to securely access and automate TLS machine identities for applications running in Pivotal Cloud Foundry using CredHub as the standard, single vault. So, we utilized an Adaptable Application driver to wrap TLS key and certificate API calls to the CredHub service. This approach would be similar to the Azure Key Vault driver.
Bridget: How will organizations benefit from using the Pivotal Cloud Foundry CredHub integration with Venafi?
Nathan: The Pivotal Cloud Foundry CredHub and Venafi Adaptable Application Driver allow an organization to use Venafi to manage certificate generation and monitoring and push those certificates to Pivotal Cloud Foundry CredHub for use in Pivotal Cloud Foundry provisioning operations. Centralizing the credentials in Cloud Foundry reduces the risk of leaked credentials and allows them to encrypt application credentials without code modifications. Also, automating the renewal of certificates in Pivotal Cloud Foundry environments eliminates the hassle caused by expired certificates, which prevents downtime and outages.
Learn more about New Context’s Pivotal Cloud Foundry CredHub integration and download the Adaptable Driver today from the Venafi Marketplace. And stay tuned for future interviews with Machine Identity Protection Development Fund recipients.